Loading A PDF Could Give Hackers Total Control Over Your iPhone

Better not load any PDFs on your iPhone for a while, not unless you want to risk handing over total control of your device to hackers. The exploit affects all iOS 4 and iOS 3.1.2 and higher devices, including the iPod touch and the iPad.

The malicious code lurks inside a font inside the PDF, and when you go to view the document, it causes something called a “stack overflow,” which fills up the memory. During the ensuing crash, the program can slip into your device and do anything it wants. Anything, from deleting files, to installing secret monitoring programs, to automatically calling 911 every time you make a phone call, to constantly shouting insults at you. Anything that can be programmed can be done.

So until they patch this bug, best just wait to view any PDFs until you’re at your home computer.
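
The failure the article calls a “stack overflow,” sketched as an added example (not code from the article, from Apple, or from the actual exploit): a parser copies a length-prefixed name out of untrusted file data into a fixed-size stack buffer, first without and then with bounds checks. The record layout, `NAME_CAP` and both function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32 /* size of the fixed stack buffer (assumed) */

/* Constructed record layout, not a real font table:
 *   byte 0 = length N, bytes 1..N = glyph name. */

/* Unsafe: trusts N from the file. N can be 255, so the first memcpy can
 * write far past the 32-byte `name` and over the saved return address. */
int parse_name_unsafe(const uint8_t *rec, char *out)
{
    char name[NAME_CAP];
    uint8_t n = rec[0];
    memcpy(name, rec + 1, n);
    memcpy(out, name, n);
    out[n] = '\0';
    return n;
}

/* Hardened: N is checked against the bytes actually present, the stack
 * buffer, and the caller's buffer. Returns N, or -1 for a bad record. */
int parse_name_checked(const uint8_t *rec, size_t rec_len,
                       char *out, size_t out_cap)
{
    char name[NAME_CAP];
    if (rec == NULL || out == NULL || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > rec_len - 1) return -1;   /* claims more bytes than the file has */
    if (n > sizeof name) return -1;   /* would overflow the stack buffer */
    if (n + 1 > out_cap) return -1;   /* no room for the terminator */
    memcpy(name, rec + 1, n);
    memcpy(out, name, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    uint8_t good[] = { 3, 'a', 'b', 'c' };  /* constructed sample */
    uint8_t big[201];                       /* constructed: N = 200 */
    char out[NAME_CAP + 1];
    memset(big, 'A', sizeof big);
    big[0] = 200;
    printf("good -> %d\n", parse_name_checked(good, sizeof good, out, sizeof out));
    printf("oversized -> %d\n", parse_name_checked(big, sizeof big, out, sizeof out));
    return 0;
}
```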

This article is ridiculous…everyone knows that Apple products are immune to hacking and viruses. It’s more likely that hackers broke into the Consumerist’s server, which is PROBABLY a PC, and uploaded this fake story to freak everyone out.

True enough, but what the article isn’t really saying is that you have to load a special, evil pdf file. The pdf that your boss just emailed you is probably okay. Unless your boss got it from the wrong place.

And for others you can create or buy libraries that do not have this problem. There are programs to check the final executable for buffer overflows, memory leaks etc. And even still, there are some hardware implementations that handle things like this. Since Apple has complete control over the hardware and software they should fix this vulnerability. …unless of course they want to not only control what apps you can buy, ebooks you can read, but also any content you can read from the internet.

Not that you would want to read a PDF on your phone anyways unless it was only a couple pages… Same logic as to why you would not watch the Lord of the Rings trilogy on your iPhone. Personally, I enjoy my neck, back and eyes.

Can we finally accept the fact that viruses did not affect Apple products because very few people cared about Apple products? Not because Steve Jobs touched each one personally, infused it with his divine powers and thus made it immune from any virus.

Now that Apple products are used by many people, they make a good target.

Fanboys certainly purport immunity, but the truth is that the assholes that write malware will exploit whatever they can, whenever they can. Too bad they lack the cognition to put any of that energy toward anything productive – except maybe that ATM jackpot exploit – that seems pretty productive. =P

I’m surprised that nobody’s mentioned that there are only about a half dozen people in the world that know how to make use of this exploit and they’re all part of the jailbreaking community. They’re not talking about how it’s done to anyone and they used it to create http://www.jailbreakme.com, the jailbreak for all iOS devices running all firmwares that is executed by going to the site from your device’s Safari browser. There’s also a fix for jailbroken devices that helps prevent this from happening IF anyone else figures out how to do it.

The “jailbreakme.com” site uses it and it just briefly says it is downloading, but nothing about a PDF.

Unlike Firefox, or even most browsers on Windows, there is no way to alter the behavior of Safari so as to not try to download/view PDFs (Thank you Steve Jobs for locking us in with the flaws).

You can theoretically disable JavaScript but then sites don’t work (nothing like NoScript that disables on a per-site basis), but you won’t be able to tell shortened URLs point to PDFs, so if someone tweets one? Buys a banner ad?

As far as I know, the only way to prevent the problem is not to surf anywhere that you don’t trust has secured things.